Taming shared mutable states of operating systems in Rust

IF 1.5 4区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING Science of Computer Programming Pub Date : 2024-05-27 DOI:10.1016/j.scico.2024.103152
Jaemin Hong , Sunghwan Shim , Sanguk Park , Tae Woo Kim , Jungwoo Kim , Junsoo Lee , Sukyoung Ryu , Jeehoon Kang
{"title":"Taming shared mutable states of operating systems in Rust","authors":"Jaemin Hong ,&nbsp;Sunghwan Shim ,&nbsp;Sanguk Park ,&nbsp;Tae Woo Kim ,&nbsp;Jungwoo Kim ,&nbsp;Junsoo Lee ,&nbsp;Sukyoung Ryu ,&nbsp;Jeehoon Kang","doi":"10.1016/j.scico.2024.103152","DOIUrl":null,"url":null,"abstract":"<div><p>Operating systems (OSs) suffer from pervasive memory bugs. Their primary source is shared mutable states, crucial to low-level control and efficiency. The safety of shared mutable states is not guaranteed by C/C++, in which legacy OSs are typically written. Recently, researchers have adopted Rust into OS development to implement clean-slate OSs with fewer memory bugs. Rust ensures the safety of shared mutable states that follow the “aliasing XOR mutability” discipline via its type system. With the success of Rust in clean-slate OSs, the industry has become interested in rewriting legacy OSs in Rust. However, one of the most significant obstacles to this goal is shared mutable states that are <em>aliased AND mutable</em> (A&amp;M). While they are essential to the performance of legacy OSs, Rust does not guarantee their safety. Instead, programmers have identified A&amp;M states with the same reasoning principle dubbed an <em>A&amp;M pattern</em> and implemented its modular abstraction to facilitate safety reasoning. This paper investigates modular abstractions for A&amp;M patterns in legacy OSs. We present modular abstractions for six A&amp;M patterns in the xv6 OS. Our investigation of Linux and clean-slate Rust OSs shows that the patterns are practical, as all of them are utilized in Linux, and the abstractions are original, as none of them are found in the Rust OSs. Using the abstractions, we implemented xv6<span><math><msub><mrow></mrow><mrow><mi>R</mi><mi>u</mi><mi>s</mi><mi>t</mi></mrow></msub></math></span>, a complete rewrite of xv6 in Rust. The abstractions incur no run-time overhead compared to xv6 while reducing the reasoning cost of xv6<span><math><msub><mrow></mrow><mrow><mi>R</mi><mi>u</mi><mi>s</mi><mi>t</mi></mrow></msub></math></span> to the level of the clean-slate Rust OSs.</p></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"238 ","pages":"Article 103152"},"PeriodicalIF":1.5000,"publicationDate":"2024-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science of Computer Programming","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167642324000753","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

Operating systems (OSs) suffer from pervasive memory bugs. Their primary source is shared mutable states, crucial to low-level control and efficiency. The safety of shared mutable states is not guaranteed by C/C++, in which legacy OSs are typically written. Recently, researchers have adopted Rust into OS development to implement clean-slate OSs with fewer memory bugs. Rust ensures the safety of shared mutable states that follow the “aliasing XOR mutability” discipline via its type system. With the success of Rust in clean-slate OSs, the industry has become interested in rewriting legacy OSs in Rust. However, one of the most significant obstacles to this goal is shared mutable states that are aliased AND mutable (A&M). While they are essential to the performance of legacy OSs, Rust does not guarantee their safety. Instead, programmers have identified A&M states with the same reasoning principle dubbed an A&M pattern and implemented its modular abstraction to facilitate safety reasoning. This paper investigates modular abstractions for A&M patterns in legacy OSs. We present modular abstractions for six A&M patterns in the xv6 OS. Our investigation of Linux and clean-slate Rust OSs shows that the patterns are practical, as all of them are utilized in Linux, and the abstractions are original, as none of them are found in the Rust OSs. Using the abstractions, we implemented xv6Rust, a complete rewrite of xv6 in Rust. The abstractions incur no run-time overhead compared to xv6 while reducing the reasoning cost of xv6Rust to the level of the clean-slate Rust OSs.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
用 Rust 管理操作系统的共享可变状态
操作系统(OS)普遍存在内存漏洞。它们的主要来源是共享可变状态,这对底层控制和效率至关重要。C/C++ 无法保证共享可变状态的安全性,而传统操作系统通常是用 C/C++ 编写的。最近,研究人员在操作系统开发中采用了 Rust,以实现内存错误更少的干净操作系统。Rust 通过其类型系统确保遵循 "别名 XOR 可变性 "规则的共享可变状态的安全性。随着 Rust 在清洁板操作系统中的成功,业界开始对用 Rust 重写传统操作系统感兴趣。然而,实现这一目标的最大障碍之一是共享的可变状态,即别名和可变状态(A&M)。虽然它们对传统操作系统的性能至关重要,但 Rust 并不保证它们的安全性。相反,程序员们用相同的推理原则识别 A&M 状态,将其称为 A&M 模式,并实现其模块化抽象,以促进安全推理。本文研究了传统操作系统中 A&M 模式的模块化抽象。我们介绍了 xv6 操作系统中六种 A&M 模式的模块化抽象。我们对 Linux 和简洁版 Rust 操作系统的调查表明,这些模式是实用的,因为所有这些模式都在 Linux 中使用,而这些抽象是原创的,因为在 Rust 操作系统中找不到这些模式。利用这些抽象,我们用 Rust 实现了 xv6Rust,这是对 xv6 的完全重写。与 xv6 相比,抽象不产生运行时开销,同时将 xv6Rust 的推理成本降低到了 Rust 操作系统的水平。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Science of Computer Programming
Science of Computer Programming 工程技术-计算机:软件工程
CiteScore
3.80
自引率
0.00%
发文量
76
审稿时长
67 days
期刊介绍: Science of Computer Programming is dedicated to the distribution of research results in the areas of software systems development, use and maintenance, including the software aspects of hardware design. The journal has a wide scope ranging from the many facets of methodological foundations to the details of technical issues andthe aspects of industrial practice. The subjects of interest to SCP cover the entire spectrum of methods for the entire life cycle of software systems, including • Requirements, specification, design, validation, verification, coding, testing, maintenance, metrics and renovation of software; • Design, implementation and evaluation of programming languages; • Programming environments, development tools, visualisation and animation; • Management of the development process; • Human factors in software, software for social interaction, software for social computing; • Cyber physical systems, and software for the interaction between the physical and the machine; • Software aspects of infrastructure services, system administration, and network management.
期刊最新文献
Editorial Board Assessing the coverage of W-based conformance testing methods over code faults Analysis and formal specification of OpenJDK's BitSet: Proof files Parametric ontologies in formal software engineering CAN-Verify: Automated analysis for BDI agents
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1